Lemo Logo

Privacy Policy

Effective Date: 1 August 2025
Last updated: 1 August 2025

1. Who We Are

LEMO GmbH (“LEMO”, “we”, “our”, “us”) operates the LEMO mobile and web application, a social platform designed for university and college students across Europe.

Registered address: Kirchgasse 33, 8001 Zürich, Switzerland.
Contact: [email protected]

2. Scope

This Privacy Policy explains how we collect, use, disclose, store and protect your personal data when you:

  • Create or use a LEMO account
  • Browse our websites or in-app pages
  • Interact with other users or LEMO features
  • Communicate with us

It applies to users in Switzerland, the EEA, and the UK and is drafted to meet:

  • Swiss Federal Act on Data Protection (FADP, rev. 2023)
  • EU & UK General Data Protection Regulation (GDPR/UK GDPR)
  • Related national laws

3. Data Controller & DPO

Controller: LEMO Venture GmbH
Data Protection Officer (DPO): [email protected]

4. Personal Data We Process

  • Account data: Name, university email, password (hashed), profile photo, study field, graduation year
  • Contact data: Personal email, phone (optional), social links
  • Content data: Posts, messages, comments, media uploads, survey responses
  • Usage data: Log files, device IDs, IP address, timestamps, clicks, in-app actions
  • Location data: City-level location from IP, optional precise geolocation (with consent)
  • Device & technical data: OS, browser, language, crash reports
  • Marketing preferences: Opt-in consents, push-notification settings

We do not knowingly collect special-category data (e.g., race, health) unless you voluntarily share it in your content.

5. Legal Bases

  • Account creation & authentication: Contract performance
  • Providing core social features: Contract performance
  • Optional profile enhancement & community discovery: Consent
  • Product analytics & app improvement: Legitimate interest (service optimisation)
  • Personalised in-app content & non-intrusive ads: Legitimate interest / Consent (for tracking)
  • Direct marketing (email, push): Consent
  • Security, fraud prevention, abuse detection: Legitimate interest / Legal obligation
  • Legal compliance (e.g., tax, law-enforcement requests): Legal obligation

Where consent is the legal basis, you may withdraw it at any time in Settings or by contacting us.

6. How We Use Your Data

  • Create and manage your account
  • Match you with study groups and campus events
  • Facilitate messaging, posting, and content sharing
  • Send service notifications and product updates
  • Tailor feeds, suggestions, and in-app surveys
  • Analyse usage to improve stability and features
  • Detect, investigate, and prevent fraud or misuse
  • Comply with legal duties and resolve disputes

We perform no automated decision-making that produces legal or similarly significant effects without human review.

7. Sharing & Disclosure

We share data only when necessary:

  • Hosting & infrastructure partners (Zürich, Switzerland): Cloud storage, databases
  • Analytics providers: Usage statistics (pseudonymised)
  • Payment processor (if you purchase premium features): Subscription billing
  • Content-moderation vendor: Automated abuse detection
  • Academic or student organisations: Only with explicit opt-in
  • Law-enforcement / regulators: When required by applicable law
  • Corporate transactions: If LEMO undergoes merger, acquisition, or asset sale (with notice)

All third-party processors are bound by contracts meeting Art. 28 GDPR/FADP standards.

8. International Transfers

LEMO stores primary data in Switzerland (Zurich). Where data is transferred outside Switzerland/EEA/UK (e.g., to a U.S. support vendor), we rely on:

  • Adequacy decisions (e.g., EU-U.S. Data Privacy Framework)
  • Standard Contractual Clauses (SCCs)
  • FADP-approved safeguards

You may request a copy of relevant SCCs via [email protected].

9. Retention

We keep personal data only as long as necessary:

  • Account data: While account is active + 12 months
  • Content (posts, messages): Until you delete or 30 days after account deletion
  • Logs & analytics: 24 months (aggregated afterwards)
  • Legal records (e.g., invoices): 10 years (Swiss Code of Obligations)

When retention ends, data is securely deleted or anonymised.

10. Security Measures

  • TLS 1.3 encryption in transit & AES-256 at rest
  • Bcrypt password hashing with salt
  • Multi-factor authentication for staff & admin consoles
  • Least-privilege role-based access controls
  • Regular penetration tests & ISO 27001-aligned audits
  • Incident response plan with 72-hour breach notification commitment (GDPR Art. 33)

11. Your Rights

Depending on your jurisdiction, you may:

  • Access your data (Art. 15 GDPR / Art. 25 FADP)
  • Rectify inaccurate data (Art. 16 / Art. 32)
  • Erase (“right to be forgotten”) (Art. 17 / Art. 32)
  • Restrict or object to processing (Art. 18-21)
  • Data portability (Art. 20 / Art. 28)
  • Withdraw consent at any time
  • Complain to your supervisory authority:
    • Switzerland: Federal Data Protection and Information Commissioner (EDÖB)
    • EEA: your local Data Protection Authority
    • UK: Information Commissioner’s Office (ICO)

Submit requests in-app or via [email protected]. We will respond within one month (extendable by two months for complex cases).

12. Children & Minimum Age

LEMO is intended for higher-education students aged 16+. If we learn we have collected personal data from anyone under 16 without verifiable parental consent, we will delete it.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified in-app or by email 30 days before they take effect. Continued use after that date constitutes acceptance.

14. Governing Law & Jurisdiction

This Privacy Policy and any dispute or claim (including non-contractual disputes or claims) arising out of or in connection with it are governed by Swiss substantive law. The exclusive place of jurisdiction is the ordinary courts of the City of Zurich, Switzerland.

15. Contact Us

For questions, concerns, or to exercise your rights:
Email: [email protected]